restrict-eval and readFile on builtins.path

[nmattia]

There is something I do not understand about restrict-eval. My assumption was that it disallowed any readFile et al. from derivations, but that appears not to be the case. I put together this Nix snippet, of which some targets fail to evaluate, which I cannot explain:

let
  pkgs = import <nixpkgs> {};
  drv = pkgs.runCommand "foo" {} "cp -r '${./.}' $out";
  drv2 = pkgs.runCommand "foo" {} "cp -r '${builtins.path { path = ./.; }}' $out";
  ps =
    { # works
      p1 = ./file;

      # works
      p2 = ./. + "/file" ;

      # access to path /nix/store/... is forbidden in restricted mode
      p3 = "${./. + "/file"}" ;

      # access to path /nix/store/.../file is forbidden in restricted mode
      p4 = "${./.}" + "/file" ;

      # works
      p5 = drv + "/file" ;

      # access to path /nix/store/.../file is forbidden in restricted mode
      p6 = pkgs.lib.cleanSource ./. + "/file" ;

      # access to path /nix/store/.../file is forbidden in restricted mode
      p7 = builtins.path { path =  ./.; } + "/file" ;

      # works
      p8 = drv2 + "/file" ;
    };
in
  pkgs.lib.mapAttrs (
    n: p:
      pkgs.runCommand "build-${n}" {} "echo '${builtins.readFile p}' > $out"
    ) ps

It is basically different ways of reading a file, which may or may not come from a derivation. Run with the following command:

for i in seq 1 8; do echo -n "p$i:"; NIX_PATH=src=.:nixpkgs=/path/to/nixpkgs/ nix-build --option restrict-eval true -A p$i || echo "failed: p$i"; done

• p1 working makes sense.
• p2 working makes sense as well, since we create a path from an existing path.
• p3 failing fits with my understanding of restrict-eval preventing reading from derivation, as well as p4, p6 and p7 failing.
• p5 working fits my new understanding that restrict-eval does not prevent reading from derivation. This however contradicts the point above.
• p8 is a complete mystery, unless builtins.path itself creates some issue that is then resolved by wrapping everything in a (non-builtins.path) derivation.

The question is: is this a bug in builtins.path? if not, what is the benefit of preventing access to builtins.path derivations (p7), but not to derivations importing builtins.path (p8)?

EDIT: I just discovered the option allow-import-from-derivation. When set to false, p5 and p8 fail as well, which makes sense. I then do believe that the issue here is a bug in builtins.path.

[edolstra]

restrict-eval originally allowed access to files in NIX_PATH or the Nix store. This was later tightened to only allow access to files in NIX_PATH or paths in the Nix store instantiated by the evaluation (d4dcffd). It's possible that the latter misses some cases (e.g. maybe builtins.path needs to add some paths to allowedPaths).

[edolstra]

Indeed prim_path doesn't update allowedPaths at the moment.

[stale]

I marked this as stale due to inactivity. → More info

[adrian-gierakowski]

Indeed prim_path doesn't update allowedPaths at the moment.

has this been resolved?

[tomberek]

Perhaps #5163 ?

[adrian-gierakowski]

@edolstra do you think #5163 is a valid fix? Thanks!

[stale]

I marked this as stale due to inactivity. → More info

[tomberek]

I believe this is solved. Re-open if needed.